| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Jul 2011 14:00:59 +0200 From: Ingo Molnar <mingo@...e.hu> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Vasiliy Kulikov <segoon@...nwall.com>, Alan Cox <alan@...rguk.ukuu.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Namhyung Kim <namhyung@...il.com>, Greg Kroah-Hartman <gregkh@...e.de>, kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] kernel: escape non-ASCII and control characters in printk() * Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Mon, Jun 27, 2011 at 11:38 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote: > > > > Sure, I don't propose it anymore (v2 goes without it). > > What point would you like to filter things at? > > I really think that user space should do its own filtering - nobody > does a plain 'cat' on dmesg. Or if they do, they really have > themselves to blame. > > And afaik, we don't do any escape sequence handling at the console > level either, so you cannot mess up the console with control > characters. > > And the most dangerous character seems to be one that you don't > filter: the one we really do react to is '\n', and you could possibly > make confusing log messages by embedding a newline in your string and > then trying to make the rest look like something bad (say, an oops). > > So I'm not entirely convinced about this filtering at all. Yeah. It would be nice to see a demonstration of at least one 'bad thing' that is possible via the current code, before we protect against it. The claim the patch makes is rather specific: | There are numerous printk() instances with user supplied input as | "%s" data, and unprivileged user may craft log messages with | substrings containing control characters via these printk()s. | Control characters might fool root viewing the logs via tty, e.g. | using ^[1A to suppress the previous log line. So it ought to be demonstrable. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists